<?php
	/**
	* @package admin
	* @desc Page for editing one user details such as name, email and role.
	*/
	session_start();
	
	// Direct calling check
	if(!isset($_SESSION["role"]))
	{
		header('Location: ../index.php');
		exit();
	}
	if ($_SESSION["role"] != "admin")
	{
		header('Location: ../index.php');
		exit();
	}
	if(!isset($_GET["submit"]))
	{
		header('Location: findusers.php');
		exit();
	}
	
	/**
	* @desc This include file will load the directory settings for the Smarty Templates
	*/
	require '../includes/smarty.inc';
	$smarty->assign('title', "Add Park");
	$smarty->assign('user_id', $_SESSION["user_id"]);	
	$smarty->assign('last', $_SESSION["lastviewed"]);
	$smarty->assign('firstname', $_SESSION["firstname"]);
	$smarty->assign('role', $_SESSION["role"]);
	$smarty->assign('top5', $_SESSION["top5"]);	
	$smarty->assign('pathdepth', "../");
	$smarty->display('header.tpl');
	
	
	// Make arrays
	$_SESSION["errors"] = array();
	$_SESSION["form"] = array();
	
	// Store variables
	$name = $_GET["name"];
	$email = $_GET["email"];
	$role = $_GET["role"];
	
	$conditions = NULL; // Define variable
	
	// Name validation		
	if (!empty($name))
	{	
		if (!preg_match('/^[a-zA-Z\s]+$/', $name))
			$_SESSION["errors"]["name"] = "No numbers allowed";
			
		else if (strlen($name) > 40)
			$_SESSION["errors"]["name"] = "Maximum 40 characters";
			
		else	
			$_SESSION["form"]["name"] = $name; // Store variable incase error
			addCondition("users.name LIKE '%" . $name . "%'");	// Add condition to SQL
	}
	
	// Email validation
	if (!empty($email))	
	{
		if (!preg_match('/^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}$/', $email))
			$_SESSION["errors"]["email"] = "Email not a valid format";
		else if (strlen($email) > 50)
			$_SESSION["errors"]["email"] = "Maximum 50 characters";	
		else
			$_SESSION["form"]["email"] = $email; // Store variable incase error
			addCondition("users.email LIKE '%" . $email . "%'");	// Add condition to SQL
	}
	
	// Role check
	if ($role != "<Any>")	
		addCondition("users.role = \"" . $role . "\"");	// Add condition to SQL	
	
	// If there were any errors, show the page again
	if (count($_SESSION["errors"]))
	{
		header("Location: findusers.php");
		exit;
	}
	
	$_SESSION['userresults']['name'] = $name;
	$_SESSION['userresults']['email'] = $email;
	$_SESSION['userresults']['role'] = $role;
	
	/**
	* @desc This include file connects to the database.
	*/
	require '../includes/connect.inc';
	
	$selects = "user_id, firstname, lastname, email, role";
	$froms = "users";
	
	// Build query
	$query = "SELECT ".$selects." FROM ".$froms.$conditions; //				
	
	
	// Run query
	if (!$result = mysql_query ($query, $connection))
		die("Result Query Failed");

	$arUsers = array();
	
	if ($result)
	{
		// Iterate equipment
		while ($row = mysql_fetch_array($result))										
			$arUsers[] = array('id' => $row["user_id"],
								'firstname' => $row["firstname"],
								'lastname' => $row["lastname"],
								'email' => $row["email"],
								'role' => $row["role"]);
	}
	
	$smarty->assign('users', $arUsers); // Assign array even if empty
	$smarty->assign('count', mysql_num_rows($result)); // Assign count of results
	$smarty->display('admin/userresults.tpl');
	
	mysql_close($connection); // Close connection
	
		
	$smarty->assign('pathdepth', "../");
	$smarty->display('footer.tpl');
	
	
	// End of procedural script
	
	
	// **************** Functions *******************	
	
	/**
	*@desc Function for creating the SQL query.
	*@param string $condition
	*/
	function addCondition($cond) 
	{			
		global $conditions;
		
		if ($conditions == NULL) // If first time
			$conditions = " WHERE ".$cond;
		else
			$conditions = $conditions." AND ".$cond;				
	}
	
	
	
?>
